... that any future Anthropic employee ever signs. The sourcecode contains trade secrets. Everybody who worked for Anthropic at the time of the leak is enjoined from talking publicly about those trade secrets. But consider the programmer they hire tomorrow, who has already read the leaked sourcecode. He already knows these trade secrets by virtue of their publication (no matter how inadvertent). So his NDA is inherently flimsier - Anthropic can't restrict him from talking about stuff he already knew about before he joined them.

Checking isn't the problem being solved. Sure I check what I run. Being able to check it on the webpage, then cut and paste it, then maybe check again that I cut and pasted correctly - is far less work, and FAR less error prone than having to type it in. Not to mention faster. If I validate it once, I can Ctrl-V multiple times rather than typing it all out again multiple times. Assume that I have sufficient sophistication to insert check steps where appropriate. Blocking me from using a simple memcpy() to do something rather than having to synthesize it every time is a productivity drain.

I mentioned nothing about random web pages. In our git repos, there are plenty of internal docs saying "to provision the embedded device, plug it in and run this 200-character commandline". Being able to paste those vs typing them saves a lot of time.

Current versions of MacOS have something called "System Integrity Protection" which restricts certain directories from being tampered with even in a su'd shell. It can be disabled, but it's a very off-label way to run the OS and the consequences could be ... spicy.

True but useless. For a long complex commandline input, it saves a lot of work to be able to paste it in. Not to mention the possibility that a typo might have undesirable consequences.

The thing is, I believe you just illustrated my point. You have to set up exotic environments to try to preserve opsec, and opsec is never a static thing - your system works until it hits a failure mode you didn't anticipate, and the cloud agent you're interacting with is constantly evolving. I'm less concerned with "how productive it is" - maybe it is the best thing since sliced bread. I'm not even concerned with "how reliable is it" - I want to check LLM output before I field it anyway. I'm by far the most concerned with "how SAFE is it"

This is everything that was wrong with Microsoft Copilot except even worse because it's cloud based. The idea of allowing a cloud-based service to remote control your computer (especially since most people operate their computer with full admin access) is crazysauce. There are already plenty of stories about LLMs permanently deleting code and other work product, and then saying "oops you're right that was a mistake on my part", Giving them essentially unfettered access to your local filesystem? Not for this little black duck.

Because the kit requires an MSO (Manufacturer's Statement of Origin) that identifies the kit. The process of registering a kit car requires an inspection and a VIN assignment (if the kit didn't include a VIN). At that point it's identified as a noncompliant imported vehicle and off to the crusher with it. Technically whaat you are talking about here, if they did sell it as a kit, would be what's called a "component car" because all the parts would come from a single manufacturer. As far as the NHSTA is concerned, the kit car _is_ a car. This is an obvious loophole that was absolutely thoroughly plugged - US Customs won't let you get away with it. Crush crush.

Unless it's 25 years old, the non-US-compliant car will be untitleable, unregisterable, uninsurable and subject to being impoounded and crushed. Yes, there is a black market for import paperwork and so on - and in some states it's easier than in others - but driving it is a constant risk.

75K to 500K/yr ... yes I would want to move off that too, but there is so much corporate BS in that number that it's not simple. For the migration: What's capex? What's opex? It's complicated.

Can't disagree with anything you wrote, but monocultures exist for other reasons. In regulated industries, it's already hard enough to be process-compliant if you have completely standardized your IT systems. It's practically impossible to survive an audit if you have heterogeneous systems. The overhead isn't just the money required to maintain separate process documents and systems, it's confusion and exhaustion created in the employees who have to interact with different parts of those heterogeneous systems. Confusion means mistakes. Mistakes mean battery acid going into baby formula, or pacemakers being built upside-down.

The Caledonian VPN will penetrate Hadrian's Firewall routinely.

There it is. The most asinine thing I've read on the Internet this morning. Ofcom can clutch their pearls as hard as they wish, but they have no jurisdiction over a company with no UK nexus. If they don't like 4chan - and I'm sure they just picked this site as a test case, because there are many sites in the US that don't comply with UK age/content regulations (and never will) - they can take action inside their own jurisdiction, such as forcing ISPs to block it, or some other draconian censorship nonsense.

Broadcom did it in the ballsiest way possible though. They didn't mince words. They said - almost verbatim - "We don't care about small customers. We are structuring the business model around a small number of high value customers and everyone else is lost in the noise." That kind of explicit statement is not common.

True enough but the migration cost is immense - which is exactly why Broadcom played this game.